TITLE:
DNS might generate an invalid zone file
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE: Plesk 17.5.3, Ubuntu 16.04, x64
PROBLEM DESCRIPTION: It is possible to create TXT records that contain data that fails the BIND syntax check. On the next BIND restart, the zone gets unloaded, and Plesk shows no warnings about this, which potentially means that customers can make their domain unreachable once the zones hit expiry on the slave DNS servers.
STEPS TO REPRODUCE: Create a TXT record with bogus data. In my case it was a 2048-bit DKIM record:
v=DKIM1; g=*; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGYevV+7cC/VszRnPWD8FbnKGCLpKyKK0OhFX2YIfoQyzlG/8MQErz/XuoyAeErrNSYaPMqtq9mTJFxrmUOp11ZBVRieB3RHIlcPeOe1qyMja0IJQAWhCdy4qgMLPRVSY6pJ5DeQ4XJRu/N2hqCQ8HGnWn3ni4kk2wLVssGX27UiXZKUN/+pyNXL1/ab5QUlPUYvN2aEGQ8bBfPm0I/WuCTVzr9fFDzsD+pk5Es2d4/CjUtnn/i2sv+gW8vle+Rsl8Xb6ztq0k0oFqHqVFSI1s2oBvslHddsOHojRbALSzuZR73kfLllVPeDRALNQ6qxq1bRV6DHwjOnzJI7uai8LQIDABAQ;
named-checkzone domain.tld /var/named/run-root/var/domain.tld
dns_rdata_fromtext: /var/named/run-root/var/domain.tld:26: syntax error
zone domain.tld/IN: loading from master file /var/named/run-root/var/domain.tld failed: syntax error
zone domain.tld/IN: not loaded due to errors.
ACTUAL RESULT:
Plesk saves successfully, but Bind fails to reload the zone.
Apparently, my Bind does not support 2048 bit keys. Adding a 1024 bit key to the zone was fine.
EXPECTED RESULT:
Maybe Plesk should run named-checkzone against the updated zone to check if it works fine.
named-checkzone <domain> /var/named/run-root/var/<domain>
ANY ADDITIONAL INFORMATION:
Bind version 9.10.3.dfsg.P4-8ubuntu1.6
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM: Confirm bug
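
The check suggested under EXPECTED RESULT, sketched as an added example (not part of the original report and not Plesk's code): a zone file is written to a candidate path, validated with named-checkzone, and only renamed over the live file if the check passes. The function name install_zone, the CHECKZONE override variable and the candidate path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: gate a zone file update on named-checkzone.
# CHECKZONE is a hypothetical override so the checker can be swapped out;
# it defaults to the real named-checkzone binary.
CHECKZONE="${CHECKZONE:-named-checkzone}"

# install_zone DOMAIN CANDIDATE LIVE
#   0: CANDIDATE passed the check and replaced LIVE
#   1: CANDIDATE was rejected, LIVE is untouched
#   2: bad arguments or I/O failure, LIVE is untouched
install_zone() {
    domain=$1
    candidate=$2
    live=$3
    [ -n "$domain" ] && [ -r "$candidate" ] && [ -n "$live" ] || return 2

    # Capture the checker's diagnostics so they can be surfaced to the
    # user instead of being lost until the next BIND restart.
    if ! output=$("$CHECKZONE" "$domain" "$candidate" 2>&1); then
        printf 'zone %s rejected, keeping %s:\n%s\n' \
            "$domain" "$live" "$output" >&2
        return 1
    fi

    # Stage next to the live file so the final mv is an atomic rename
    # on the same filesystem; BIND never sees a half-written zone.
    tmp="$live.new.$$"
    cp "$candidate" "$tmp" || return 2
    mv -f "$tmp" "$live" || { rm -f "$tmp"; return 2; }
    return 0
}

# Usage (candidate path is a constructed placeholder):
#   install_zone domain.tld /tmp/domain.tld.candidate \
#       /var/named/run-root/var/domain.tld
```

A caller would reload BIND only when install_zone returns 0, and show the captured named-checkzone output to the user when it returns 1.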